Posted
by
kdawson
on Tuesday April 01, 2008 @05:21PM
from the privacy-under-pressure dept.

AngryDad writes "Beginning last September, all vehicles sold in the US have been required to have Tire Pressure Monitoring System (TPMS) installed. An article up at HexView enumerates privacy issues introduced by TPMS, and some of them look pretty scary. Did you know that traffic sensors on highways can be adopted to read TPMS data and track individual vehicles? How about an explosive device that sets itself off when the right vehicle passes nearby? TPMS has been discussed in the past, but I haven't seen its privacy implications analyzed before. Fortunately the problem is easy to fix: encrypt TPMS data the way keyless entry systems do."

"Fortunately the problem is easy to fix: encrypt TPMS data the way keyless entry systems do."

Yeah, encryption would stop the little hacker down the street and keep them from setting up a road side explosive set just for you, but it wouldn't stop the government -- who would mandate a backdoor -- from doing it.

And personally, I'm not really worried about the hacker down the street...if cars start blowing up I would bet money it would be government doing it...and not a foreign government, but our governme

Personally, I've never really been scared by any of the things our government keeps telling me I should be terrorized by, but what really scares me is the bleak future I see for my kids and their kids...caused by our own Orwellian, all-powerful government.

Yeah, I soooooo hear ya on that one! You know what else scares me? Clowns. The government keeps saying that there's nothing to fear from clowns, but I know The Truth! Those colourful costumes and goofy makeup are the perfect disguises for Secret Service death squads, prowling our neighbourhoods and looking to assassinate or brainwash anyone they see purchasing organic tomatoes. It's downright terrifying!

I'm glad to see that there's other right-minded folk like me on here! Keep up the good work Mr. Transporter!

Yeah, I soooooo hear ya on that one! You know what else scares me? Clowns. The government keeps saying that there's nothing to fear from clowns, but I know The Truth! Those colourful costumes and goofy makeup are the perfect disguises for Secret Service death squads, prowling our neighbourhoods and looking to assassinate or brainwash anyone they see purchasing organic tomatoes. It's downright terrifying!

The cheapest way to do tire pressure monitoring is not to add RF hardware and sensors to the wheels, but to use passive pressure monitoring with the existing breaking/traction control system. I used to work with some guys that did braking systems, and this is fairly do-able. I'm not sure if it meets all the federal requirements though. If you want to know if one tire is low they can probably tell without any extra hardware (flash for code does cost a few cents).

Especially this part:
How about an explosive device that sets itself off when the right vehicle passes nearby?
Great, first I have to worry about the tolls on I-44 through Oklahoma, now I got to worry about exploding vehicles?
Maybe in the future we can all roll to work in giant hamster balls. Getting groceries home will be a bitch tho...

When the Red Army Faction assassinated Alfred Herrhausen in 1989, they used a photocell trigger to set off an "IED" in a bicycle bag. It was a superbly precise job which targeted the actual position in the car occupied by Herrhausen.

Fast forward to now. One might scan the sensors on a target vehicle as it drives a common route, emplace IEDs on multiple routes, and break out the popcorn (or pita as the case may be) until the target drives by. This would be ideal for political hits where the target uses a specific armored vehicle.

This is Germans. They still study chemistry, physics and basic electronics and other freeky terrorist skills in school even today.

I would not be afraid of such nasty things happening in an decent god-fearful rule obiding English Speaking country. This has long been taken care of through the amendments to the school and university curriculum. And if worst comes to worst control orders can be used from people taking high school chemistry courses: http://news.bbc.co.uk/1/hi/uk/7107265.stm [bbc.co.uk]

When the Red Army Faction assassinated Alfred Herrhausen in 1989, they used a photocell trigger to set off an "IED" in a bicycle bag. It was a superbly precise job which targeted the actual position in the car occupied by Herrhausen.Fast forward to now. One might scan the sensors on a target vehicle as it drives a common route, emplace IEDs on multiple routes, and break out the popcorn (or pita as the case may be) until the target drives by. This would be ideal for political hits where the target uses a spe

"It was not the RAF who killed the german banker, the job was simply too precise and too high-tech for looney terrorist. "Being a terrorist doesn't automatically imply "lunacy" or technical incompetence.One may be smart, intelligent, capable, willing to kill political enemies, and willing to study in order to do it with style. A copperplate charge was old news, so were the sensors, so was the ability to measure the distances required. Putting them together was the nifty bit, but certainly not beyond educate

In the War on Terrorism, the president in his finite capacity for wisdom has authorized any government agency, with at least 3 letters in its acronym, to engage in acts of tire tapping without the need for endless judicial oversite.

The government won't use this information to track you down to that seedy little motel on the side of route 9, where you cavort with no less than 3 women other than your wife. We only care about catching bad guys. Your wife however...

If you have nothing to hide, you have nothing to fear but fear itself.

I have heard the same grips and concerns since the cold war where they actually did maintain the appearance of being about to do anything at any time and apparently knew everything about anyone. Just look at the movies of that era, that is how the FBI is portrayed. Now they are portrayed like bumbling idiots who get lucky every once in a while and you have the impression that it is new for them to act like they (or even want to have) have all the answers.And another thing, No one was ever charged with terro

Of course, cars also come with this thing called a "license plate", which can also be tracked remotely and wirelessly.

I don't know about "wirelessly" unless you are talking about people using their eyeballs. Eyesight detection isn't at all efficient and certainly not automated. However, there are non-wireless camera systems that can be used to more automatedly detect license plate numbers. Although, from my understanding, that hasn't really been perfected yet. Using RFID combined with detectors at ever

Using RFID combined with detectors at every street corner will allow for constant surveillance of every car all the time.

So do license plate readers, and they can operate from greater distances and completely passively. Cost for a license plate reader is about the same as a good RFID reader, and they are probably at least as reliable. Furthermore, you are required to keep your license plate readable.

Some cities are already starting to implement complete license plate-based tracking of vehicles.

Cost for a license plate reader is about the same as a good RFID reader, and they are probably at least as reliable. Furthermore, you are required to keep your license plate readable.

London uses license plates to charge you if you drive into the inner city. The solution is simple: get a sheet magnet (http://www.custom-magnets.com/Adhesive_magnet_rolls.htm) and print a fake license plate on paper. Stick the paper to the magnetic sheet, and slap that puppy over your real license plate. Removal is easy, just

Thanks for the link. I was hesitant to write that it was already out there since I haven't looked into the practical side of the technology for a while. I know about the research, but since I practically live in a cave, I didn't know if distance OCR of license plates was practical yet.

I didn't know if distance OCR of license plates was practical yet.It isn't. Even the ANPR systems they use in petrol stations to help catch people who drive off without paying have a reliability of about 60%, and they're trying to hit a stationary plate in an approximately known location every time.

I've never seen one that could read the number plate on my car, and that's just a standard (albeit old standard) UK number plate. I've seen an ANPR system get the first three letters and the last letter right,

When you come out of the cave, you'll find that your state is issuing new license plates in colors that are easier for the OCR tracker to read and have infrared reflective characters.They can read 100 plates a minute.

Of course, cars also come with this thing called a "license plate", which can also be tracked remotely and wirelessly.

I don't know about "wirelessly" unless you are talking about people using their eyeballs.

On Australian highways (In my state of New South Wales, at least), we have special cameras located on overpasses and things every couple of hundred kilometres or so. These most definitely detect where the number plates are in the image, cut them out, perform OCR, then record the ones that are on trucks. It's used to enforce the laws preventing truckers from driving too far without sleep, and constant speeding.

These cameras have been around for over 10 years, and I assure you, are highly accurate.

These cameras have been around for over 10 years, and I assure you, are highly accurate.

I don't understand why they aren't used for catching regular speeding violations too. Catching someone with a radar gun doing 107kph in a 100kph zone is dumb. Catching someone moving between point a and point b in 5.5 minutes, where point a and point b are 10km apart, equating to an average speed of ~110kph is much smarter - there is no doubt that the car in question was traveling over the speed limit for a sustained per

Catching someone moving between point a and point b in 5.5 minutes, where point a and point b are 10km apart, equating to an average speed of ~110kph is much smarter - there is no doubt that the car in question was traveling over the speed limit for a sustained period of time.

You are assuming that there are no discontinuities in the space-time continuum. I never leave home without my wormhole generator.

Catching someone moving between point a and point b in 5.5 minutes, where point a and point b are 10km apart, equating to an average speed of ~110kph is much smarter - there is no doubt that the car in question was traveling over the speed limit for a sustained period of time.

You are assuming that there are no discontinuities in the space-time continuum. I never leave home without my wormhole generator.

I realize that you were joking, but I'd like to add: whenever I'm on a turnpike (the kind where yo

Because if they actually ticketed everyone that broke the speed limit law, government would finally be forced to raise speed limits... especially since Australia is likely in the same spot as the US; illegally setting limits lower than dictated by civil engineers for the purpose of raising revenue and pushing more draconion measures on drivers.

I haven't heard about RFID in tires but even if that's the case, you can always remove or disable them. Doing the same with TPMS will, at best, result in your car constantly bitching about flat/missing tires. Or maybe even violating some new nanny-state law.

Doing any other kind of tracking requires a lot more effort tham putting a primitive scanner under a manhole cover or something.

No. Certain objects attached to the car might be able to be tracked. There is a big difference between tracking tires, license plates, etc. and tracking people. A distinction which most posters seem to have ignored in their paranoia.

Mostly because it's a distinction that's sure to be ignored by law-enforcement types too. Ever recieved a photo-radar, red light or toll-evasion ticket? It doesn't matter who was driving, if your car was at the scene of the crime you're responsible for the fine.

RFID range is largely a matter of how sensitive your receiver and antenna are. RFIDS put out approximately 250 microwatts of power. According to this [surrey.ac.uk], a 1 microwatt transmitter has a range of 45km. So with a good antenna and receiver, I don't see reading RFIDS from a hundred metres away to be much of a problem.

I am guarnateed totally 100% anonymity anywhere I go in public! It's a guarnateed right in the USA Constitution. Don't give me any of this "I can see you" bS!!!!!!!!

Being seen and identified by a person or agent of the government on the street is one thing - that's how its been for thousands of years.

Having every movement of every person on the street automatically recorded, indexed and cataloged into nationwide databases without the any human intervention is a completely different matter - that's a recipe for totalitarianism.

Right now, we are rapidly barreling down the road from how its been for thousands of years to the ultimate totalitarian state with very little g

How about an explosive device that sets itself off when the right vehicle passes nearby?

Outside of Lebanon, I don't see this as being a huge concern. (And calling it a "privacy" issue seems a bit of an understatement.) The local governments aren't sufficiently motivated to fill potholes, let alone install IEDs specifically targeted at me.

Its not clear if you could remove the sensor without damaging the tyre. The RFID cure all, the magnetron, seems safer to the tyre, but not to somebody that doesn't know what he's doing. They are a bit large to place in the nuker, so bringing the oven, interlocks defeated, to the tyre would be required.

"Fortunately the problem is easy to fix: encrypt TPMS data the way keyless entry systems do."

Unfortunately, there is a major difference here: failure to encrypt keyless entry resulted in stolen cars (something which caught people's attention and pissed them off), whereas you'll never even notice that your TPMS isn't encrypted. People are incredibly lazy and only take action when they perceive a threat to their person or property. Liberty? As Dick Cheney would say, "So?"

I'll bet adding encryption would cost the manufacturers $0.01 per tire (or some equally trivial amount), which they will claim will ruin them. Nobody else (except for a bunch of whiny, personal liberty freaks) will care about this and it will quietly become ubiquitous.

Besides, if you aren't doing anything illegal, why should you care who takes note of your comings and goings. We're here to help you and we certainly can't do that unless we know where you are... at all times...

People are incredibly lazy and only take action when they perceive a threat to their person or property. Liberty?

While I understand your frustration, I think it's ultimately misleading to tag people as "lazy" here. Misleading precisely because I tend to agree with you: most folk are "lazy", but that the term is so loaded with negative connotation that it stops further inquiry. Human beings are likey terribly poorly adapted to understanding and reacting to these kinds of threats. Many modern threats are really pretty damn abstract (to an essentially hunter-gatherer mind, anyhow) and require a fair bit of abstract t

The solution is even easier than encryption. Just don't broadcast a unique identifier!

In this case there's no reason for each tire pressure sensor to be broadcasting one. All they need to do is chirp back the pressure inside the tire. That's it. Give them enough power to hit a receiver located in the wheel (which might be 4-6" away in a very large tire, probably a lot closer than that, and it's all inside the steel-belted tire) and call it a day. Unless you are playing Ben Hur, you're not going to get close enough to another car's tires for it to become a problem -- use a high frequency and you're going to get a substantial bit of attenuation via the tire itself, and then you're decreasing as the square of the distance through free space. You're never going to have more than one valve-stem sensor per wheel-mounted receiver, so why bother with it?

If you really do need a weak form of identification, rather than hardcoding a UID, it would be pretty trivial to have each sensor randomly choose a number from a range such that the chance of collisions was low (deriving the randomness from resistor noise or by oversampling whatever analog sensor they use to determine pressure) and reset periodically or each time the car is started. That eliminates the problem of having to coordinate UIDs and prevent duplicates (cf. the cheap Bluetooth transceivers that caused problems because their MAC-ish addresses were all zeros). Every unit can be completely identical.

On further consideration, I can't really imagine why the designers of the TPMS would have given each sensor a UID (especially since it would probably cause confusion when you rotate tires, if the car's computer tracks them)... making me wonder if this is just an elaborate 4/1 hoax.

How about the situation where a tire fails while driving? You run over a sharp object and puncture the tire, but don't notice it. I once had a tire deflate completely while driving - the tire was basically loose on the rim, but it really didn't make much difference in how the car drove at low speeds. Had I then driven at high speeds it could have been disastrous. On long trips in particular TPMS could be life-saving.

KeeLoq has been cracked recently. The wireless access control system is used in vehicles built by Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota (Lexus), Volvo, Volkswagen and Jaguar. All it takes to get access is to record two messages, which can be done from up to 300 feet away. http://www.heise.de/newsticker/meldung/105772 [heise.de]

Not sure how many people took it seriously at the time, but it sounds like it's getting more and more towards mainstream awareness, especially with this new system. 20 years from now, could a person move around at all, on foot or otherwise, without the powers that be knowing about it?

I am not sure about the new mandate ( assuming its not an April fools joke), but the TPS sensor on my work car (2001 Alero) is the same sensor used for the anti-lock brakes. The ABS computer reads the ABS sensors, and any sensor that is spinning faster than the other three tires is assumed to be a flat tire ( lower diameter causes higher RPMs for a given surface speed).

Looks to me that no one is requiring continual monitoring (and reporting) of tires' conditions; only when the tire pressure falls below 25% of recommended cold pressure is a signal required to be sent (and I see nothing about being able to tell which car in a fleet has the problem from outside the car itself).

Finally, article summary should say "all NEW vehicles sold in the US" require the system, not "all vehicles sold in the US".

The final rule was published June 5, 2002. Unfortunately NHTSAproposed that if a vehicle is using a direct system (with sensors in eachtire sending a signal to the dashboard) the TPMS does not have to triggeruntil the tire is 25 percent below the recommended cold psi. An indirectTPMS (that runs off the anti-lock braking system) does not have totrigger until the tire is 30 percent below the recommended cold psi forthat tire. TIA is strongly opposed to NHTSA's supposed "safety"regulation which in effect allows the motoring public to drive on severelyunderinflated tires. TIA has supported a petition that NHTSA mandatereserve inflation pressure in tires to offset the TPMS rule. [See letter toNHTSA supporting petition.]

Why should this be a law? All this does is make cars more expensive which has the effect of making cars less affordable for lower income folks. Personally, I find the system annoying. My wife's new CRV has has the light come on twice now and get stuck and both times I've checked the tire pressure and it has been fine. The dealer can't seem to fix it.

What will the next new law be? Heated leather seats are mandatory? So much for this freedom thing I hear so much about.

Why? Because a few people had a problem with Ford using Firestone's Rollove^H^H^H^H^H^H^HDiscoverer tires on their Explorer SUV.Except, at the end of the day, the problem was really all about people driving with overloaded vehicles on underinflated tires. And however foolish this is (it's all because people don't fucking pay attention to the manner in which they operate and maintain their death machines), the guffaw cost Ford, Firestone, and the government (and thus the People) a lot of money.

Those plates do not tend to be easy for a small, low power electronic device to read and process.I've worked on trackside sensors in the railroad industry, and we found the most reliable way to recognize a train was by measuring the timing of the wheels as the passed the sensor. Optical scanners would have been a last resort. The union wouldn't let us put transponders on the trains, or we'd have done that.

Having every car transmitting a unique easily-fingerprinted signal? That'd make things so easy. It does

Basically, the new mandated TPMS sensors are all direct sensors. These sensors have been mandated as of the 2007 model year on all cars sold in the US. (There are a large number of cars sold in Canada that use this system too, but it is not mandated in Canada). Indirect systems (the ones that use the ABS sensors) are not allowed under the mandate as they were deemed too inaccurate. The TPM system is mandated to notify the driver once there is a 25% loss of pressure from nominal from the tire. Many systems a

My main concern is that some hacker kid is going to break into the traffic management network and use their monitoring systems to analyze the tire pressure on my trucks to figure out which ones are decoys and which one actually has the gold in it, at which point by manipulating the traffic signals he'll coerce it over to the right spot and blow up the street out from underneath it so it drops underground, where thieves are waiting to steal the gold [imdb.com].

The article asks why would NHTSA choose TPMS and not run-flat technology [wikipedia.org]. Run-flat tires cannot be used indefinitely while uninflated or underinflated. Generally, in such situations the sidewall supports the load, and the resulting stress on the sidewall damages it, eventually leading to failure. Furthermore, you might not be able to see that the tire isn't properly inflated. In order to prevent people from driving on underinflated run-flat tires until a catastrophic failure and possible accident, TPMS is required. Oh, and run-flat tires have other disadvantages too.

The way to get this changed would be to put a roadside detector near some Washington freeway, near a programmable billboard. Make a deal with the billboard operator to buy time on demand, and, when a known car goes by, put up "Good Morning, Senator Smith".

When I was in Britain last, I noticed how nice the drivers were. They share lanes when people drift, they let people in, no one ever gets mad. Traffic generally flowed better. I thought it was just the stoic British attitude that keeps them from blowing up at each other.

But just lately I realized, they have traffic cameras all over the place!!! You know how you drive when you have a cop behind you? Well, those Brits ALWAYS have a cop behind them.

That is not "identification." If I were to drive past a sensor that had no prior knowledge of me, there is absolutely no way they would know who I am. The "identification" part takes place elsewhere, and this could, at most, be used for tracking.

Whether you want to call this tracking or identification is just fiddling with semantics. You could equally say that a license plate does not provide identification, just tracking. As soon as it gives a way to link to some data base then there is no difference.

Tyre ids will be tracked by tyre vendors for insurance/warrantee purposes. Just add a license plate reader and the connection between the tyres and the license is made. Once there is a tie up between the tyre ids and the vehicle you have identificatio

There was a previous article about remote shutdown using OnStar [slashdot.org] which mentioned that OnStar can be used to remotely eavesdrop on your conversations. The OnStar rep didn't answer when I asked them why they included that capability.

I don't have onstar, don't know anybody who does, and only know a bit about it. Not too wild about the privacy implications either.

However, one of their advertised features is that if you get in a crash they can initiate a connection and attempt to talk to you--if you can't respond, they can automatically contact police/whoever. I would imagine that's why they have the ability to monitor the ambient sound in your car.

Or get rid of the nanny state law requiring TPMS. They give drivers a false sense of security regarding their tires, help them to justify paying even less attention to the state of their cars and required maintenance,

Oh sure, now my mod points expire...
15 years ago, when I was pulling wrenches, I was amazed at how oblivious most people are to basic preventative maintainence.
I can't count how many engines I've seen where it takes 2 liters of oil to get up to the add oil line on the dipstick.
Or how many tires I've seen at less than 10 PSI.

I've always said a basic maintainence test should be part of the driver's licensing testing process.